Jaffa Logo
Home Contact Us FAQs Site Map
Source Forge: Homepage Bugs @ Sourceforge Mailing Lists @ Sourceforge Task Manager @ Sourceforge CVS @ Sourceforge
Jaffa Site
Jaffa Runtime
Jaffa RAD
Propagating Security to the Data Tier

The explains how the Jaffa JDBC Persistence Engine has a generic plug-in point for setting up the security rules in the Data Tier while allowing Database connections to be pooled. It covers how the default plug-in works, and how you can write and insert your own.

  1. Contents
  2. Purpose
  3. Setting up the Security Plugin
  4. Writing Your Own Plug-In
Setting up the Security Plugin

Under Jaffa, the JDBCSecurityPlugin (under source\java\org\jaffa\security ) class implements the IJDBCSecurityPlugin interface.

public interface IJdbcSecurityPlugin {
    public void newConnection(Connection connection) throws SQLException;
    public void freeConnection(Connection connection) throws SQLException;

This interface allows functions to be implemented on the database connection just as a connection is being assigned from the connection pool to a UOW object. A second method is also called prior to placing the connection back in the pool, once the UOW has finished with it.

We there for want to implement a class that when a connection is acquired, we set the context of that connection based on the security context associated to the user executing the function.

The newConnection(...) method gets the Security context and then gets the principal to retrieve the user logged in the application.

Then it gets the list of roles assigned to the User and passes these information to the stored procedure to switch the context. The procedure called is 'set_userid(...)' in the jaffa_sec package.

To tell the JDBC Persistence Engine to use the security Plug in you must open source\java\org\jaffa\config\framework.properties.

The property framework.persistence.jdbcengine.security.plugin is set to the class which implements the IJDBCSecurityPlugin.

To use the plugin supplied by Jaffa, set this property to org.jaffa.security.JDBCSecurityPlugin

# The class that implements the IJdbcSecurityPlugin interface.
# It is invoked after acquiring and before freeing up a Connection object
# Do no specify any value, if this functionality is not desired.

Writing Your Own Plug-In

To implement your own plug in, implement the IJDBCSecurityPlugin interface and set the property in the application's framework.properties file to the class you have implemented to use it instead of the Jaffa provided class.

Code snippet for method executeStoredProcedure()
private void executeStoredProcedure(Connection connection, String userid) throws java.sql.SQLException {
   CallableStatement cs;
   try {
           log.debug("Calling the Stored Procedure");
      // Call a procedure with no parameters
       cs = connection.prepareCall("{call jaffa_sec.set_userid(?,?)}");
       ArrayDescriptor desc = ArrayDescriptor.createDescriptor("ROLE", connection);
       ARRAY newArray = new ARRAY(desc, connection, getUserRoles(userid).toArray());
       // Execute the stored procedure
   } catch (SQLException e) {
       String str = "Error in executing the the Stored Procedure";
       log.error(str, e);
       throw new UOWSecurityException(str, e);
   } finally {
            if (cs != null)
private List getUserRoles(String userid) {
   List l = (List) cache.get(userid);
       return l;
   // Figure out access and cache it.
   ArrayList al = null;
   Set rl = PolicyManager.getRoleSet();
   if(rl != null) {
       // Get thread context
       SecurityContext ctx = SecurityManager.getCurrentContext();
       if(ctx!=null) {
           // Check access to each role
               log.debug("Checking the Access to Each Role");
           for(Iterator it = rl.iterator(); it.hasNext();) {
               String role = (String)it.next();
               // If user has added add to the array
               if(ctx.inRole(role)) {
                   if(al == null)
                       al = new ArrayList();
   // Cache array and return value.
   cache.put(userid, al);
   return al;

File: DataSecurityPlugIn.html, Last Modified: Mon Jul 14 2003 at 3:35:31pm. This site has been built using PPWIZARD